Canadian charged in 'Heartbleed' attack on tax agency

OTTAWA Wed Apr 16, 2014 7:45pm EDT

1 of 2. Royal Canadian Mounted Police (RCMP) investigators canvas the London, Ontario neighbourhood April 16, 2014, around the home of Stephen Solis-Reyes who has been charged in connection with exploiting the 'Heartbleed' bug to steal taxpayer data from a government website.

Credit: Reuters/Geoff Robins

Related Topics

OTTAWA (Reuters) - Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the "Heartbleed" bug to steal taxpayer data from a government website, the Royal Canadian Mounted Police (RCMP) said on Wednesday.

In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said this week that about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site.

The suspect, Stephen Solis-Reyes, was arrested at his home in London, Ontario on Wednesday and faces criminal charges of unauthorized use of computer and mischief in relation to data.

"It is believed that Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug," the RCMP said in a statement.

Police seized Solis-Reyes computer equipment and scheduled his court appearance for July 17, 2014.

Internet companies, technology providers, businesses and government agencies have been scrambling to figure out whether their systems are vulnerable to attack since the flaw was disclosed a week ago.

Security experts have warned that more attacks will follow.

(Reporting by Louise Egan; Editing by Chizu Nomiyama)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
dd606 wrote:
I love it. If this was a story about somebody at the NSA sneezing, there would be a list of crackpots 3 pages long, going insane. But some nut steals 900 SS numbers, and nobody has a word to say about it.

Apr 16, 2014 4:32pm EDT  --  Report as abuse
none123456 wrote:
The NSA is promoting the creating of malicious code and instead of searching the people that want malicious code they just look at the stupid using it.

Where are the persecution for the NSA acts that can be seen for acts of terrorism by other nations? You will never see that instead you will see someone that just found how use what they made.

dd606 you are retarded

Apr 17, 2014 1:48am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.